Google begins targeting Safe Browsing 'repeat offenders'

Google has announced that it is to boost its Safe Browsing programme by flagging sites which have been repeatedly listed as serving malicious code, unwanted programs, or hosting social engineering content.

Launched in 2005, Google's Safe Browsing system checks crawled websites for a range of malicious content ranging from malware and viruses to 'phishing' pages and unwanted software downloads. Should such content be found, anyone clicking through from Google Search - or visiting the site directly, if Safe Browsing is enabled in Google's Chrome web browser - receives an interstitial message warning of the risk. The offending site is rechecked at intervals until the malicious content is removed, at which point the interstitial message goes away - at least, that's how it used to work.

'Over time, we’ve observed that a small number of websites will cease harming users for long enough to have the warnings removed, and will then revert to harmful activity,' Google's Brooke Heinichen claimed in a post announcing the change. 'As a result of this gap in user protection, we have adjusted our policies to reduce risks borne by end-users. Starting today, Safe Browsing will begin to classify these types of sites as “Repeat Offenders.” With regards to Safe Browsing-related policies, Repeat Offenders are websites that repeatedly switch between compliant and policy-violating behaviour for the purpose of having a successful review and having warnings removed.'

Google claims its detection algorithm is sophisticated enough to tell the difference between sites which deliberately host malicious content and sites which simply have the misfortune to be hacked a few times in a row, and that the new rules will apply only to the former. Once flagged as a repeat offender sites will no longer be able to request verification through Google's search console, and the warning interstitial message will remain for a period of 30 days whether or not the malicious content has been removed.